package account.common;

import org.apache.commons.text.StringEscapeUtils;

/**
 * 客户端发来的字符串可能含有恶意HTML标签对服务器进行攻击, 转义成不含标签的纯文本更安全
 */
public class SafeInputText {
    protected String plainText;

    public String asPlainText() {
        return plainText;
    }

    public int length() {
        return plainText.length();
    }

    protected SafeInputText() {
    }

    /**
     * 将不安全的HTML文本转义成为纯文本
     *
     * @param unsafeInput 不安全的文本字符串
     * @return SafeHtmlPlainText 对象
     */
    public static SafeInputText fromUnsafeText(String unsafeInput) {
        SafeInputText result = new SafeInputText();
        result.input(unsafeInput);
        return result;
    }

    protected void input(String unsafeInput) {
        plainText = StringEscapeUtils.escapeHtml4(unsafeInput);
    }
}
